GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
98 advisories
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica...
High | Unreviewed | CVE-2025-66254 was published Nov 26, 2025

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to...
High | Unreviewed | CVE-2025-13322 was published Nov 21, 2025

External control of file name or path in Windows WLAN Service allows an authorized attacker to...
High | Unreviewed | CVE-2025-59511 was published Nov 11, 2025

The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-11451 was published Nov 11, 2025

A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown...
High | Unreviewed | CVE-2025-12915 was published Nov 9, 2025

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile...
High | Unreviewed | CVE-2020-36868 was published Oct 31, 2025

The go command may execute unexpected commands when operating in untrusted VCS repositories. This...
High | Unreviewed | CVE-2025-4674 was published Jul 30, 2025

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High | Unreviewed | CVE-2023-35985 was published Nov 27, 2023

An information disclosure vulnerability exists in the image404Raw.php functionality of WWBN...
High | Unreviewed | CVE-2023-49738 was published Jan 10, 2024

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High | Unreviewed | CVE-2023-40194 was published Nov 27, 2023

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356....
High | Unreviewed | CVE-2023-39542 was published Nov 27, 2023

aiomysql allows arbitrary access to client files through vulnerability of a malicious MySQL server
High | CVE-2025-62611 was published for aiomysql (pip) Oct 22, 2025

External control of file name or path in WebDAV allows an unauthorized attacker to execute code...
High | Unreviewed | CVE-2025-33053 was published Jun 10, 2025

An authenticated file read vulnerability in the Palo Alto Networks PAN-OS software enables an...
High | Unreviewed | CVE-2025-0111 was published Feb 12, 2025

A validation vulnerability exists in an undisclosed URL in the Configuration utility. Note:...
High | Unreviewed | CVE-2025-59483 was published Oct 15, 2025

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2,...
High | Unreviewed | CVE-2024-10361 was published Mar 20, 2025

External control of file name or path in Confidential Azure Container Instances allows an...
High | Unreviewed | CVE-2025-59291 was published Oct 14, 2025

External control of file name or path in Confidential Azure Container Instances allows an...
High | Unreviewed | CVE-2025-59292 was published Oct 14, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in...
High | Unreviewed | CVE-2025-59200 was published Oct 14, 2025

Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows...
High | Unreviewed | CVE-2014-2375 was published May 17, 2022

The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-10494 was published Oct 8, 2025

External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion...
High | Unreviewed | CVE-2024-11838 was published Dec 13, 2024

The WP Import – Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-10058 was published Sep 17, 2025

Mockoon has a Path Traversal and LFI in the static file serving endpoint
High | CVE-2025-59049 was published for @mockoon/cli (npm) Mar 11, 2025

The Propovoice: All-in-One Client Management System plugin for WordPress is vulnerable to...
High | Unreviewed | CVE-2025-8422 was published Sep 11, 2025
ProTip! Advisories are also available from the GraphQL API